Fake Ledger Letters Are Hitting Mailboxes
In a disturbing twist on crypto phishing scams, Ledger hardware wallet owners are now being targeted with physical letters, complete with official-looking branding, asking them to validate their 24-word recovery phrases. Tech analyst Jacob Canfield was one of the victims, sharing images of the forged letter he received, which threatened to restrict access to his funds unless he completed a so-called "mandatory validation process." The fraudulent document even carried a QR code leading to a malicious site designed to steal wallet credentials.
Canfield suspects the scammers are using personal data from Ledger’s 2020 data leak, which exposed the personal details of over 270,000 customers.
Scam Letters Masquerade as Critical Security Alerts
The letter Canfield received mimicked Ledger’s branding, including their business address and what looked like a real support reference number. It demanded that he complete a "critical security update" and scan a QR code—leading to a phishing site that asked for his recovery phrase.
This incident wasn’t isolated. According to a hardware wallet reseller, multiple users have reported receiving similar fake letters. Some even reported receiving tampered Ledger devices designed to install malware and compromise their private keys upon use.
Breaking: New scam meta launched. Now they’re sending physical letters to the @Ledger addresses database leak requesting an ‘upgrade’ due to a security risk.
Be very cautious and warn any friends or family that you know is in crypto and is not that savvy. pic.twitter.com/XoUAGQBJXt
— Jacob Canfield (@JacobCanfield) April 28, 2025
Ledger Responds: "It’s a Scam—Stay Vigilant"
Ledger responded by confirming that these physical letters are fraudulent and reminded customers that the company will never ask for a user’s 24-word recovery phrase, whether by letter, phone, DM, or email.
The firm acknowledged the growing sophistication of scams and said they are actively working to detect, report, and block impersonators across platforms. However, as Ledger noted, they can’t control what scammers say or do on social media or through postal mail.
Time to Update the Warning System?
Canfield recommended that Ledger update its warnings to explicitly include physical letters alongside DMs and emails. This is especially important for non-tech-savvy crypto users, who may fall prey to the realistic look of the phishing messages.
In its closing statement, Ledger emphasized that its hardware wallets are built for high-level security, with frequent system updates to meet evolving threats. The company also warned against engaging with imposter accounts or unsolicited “help” offers related to wallet access or lost funds.